In a watershed moment for digital privacy, a U.S. federal jury awarded WhatsApp Rs 1400 crore in its cyberespionage lawsuit against Israeli spyware maker NSO Group. The trial pulled back the curtain on Pegasus, a powerful surveillance tool used against activists, journalists, and others, reigniting global debate over the ethics of surveillance-for-hire.
Trial Exposes Pegasus Operations and Surveillance Tactics
In a significant legal victory for Meta-owned WhatsApp, a jury in Northern California awarded the messaging platform a total of $168 million in damages—including Rs 3.71 crore in compensatory and Rs. 1400 crore in punitive damages in its long-running lawsuit against NSO Group. The case, filed in 2019, accused the Israeli cyber-intelligence firm of exploiting a vulnerability in WhatsApp to infect user devices with Pegasus, its flagship spyware product.
The verdict followed detailed evidence presented by WhatsApp, which alleged that NSO reverse-engineered its app to masquerade as legitimate WhatsApp network traffic. This maneuver allowed attackers to remotely install malicious code on users’ smartphones, thereby gaining full control of the devices including access to encrypted chats, microphone and camera feeds, and virtually any installed application.
“This trial put spyware executives on the stand and exposed exactly how their surveillance-for-hire system — shrouded in so much secrecy — operates,” Meta said in a blog post following the ruling.
Pegasus: A Global Threat to Privacy and Human Rights
Pegasus has earned notoriety as one of the most sophisticated and intrusive surveillance tools available to government agencies. While NSO maintains that it only sells Pegasus to “authorized government clients” to combat terrorism and serious crime, the spyware has repeatedly surfaced in reports of misuse by authoritarian regimes.
One of the earliest high-profile incidents involving Pegasus came in 2016, when Apple had to issue an emergency patch after researchers found that Emirati human rights activist Ahmed Mansoor was targeted using the tool. Subsequent investigations, including the Pegasus Project by Amnesty International and Forbidden Stories, revealed widespread abuses in countries with poor human rights records.
Meta’s legal team introduced internal documents and technical analysis showing that NSO invested tens of millions of dollars annually to expand Pegasus’s reach—not only through messaging apps like WhatsApp, but also via browsers, operating systems, and other vectors.
“These malicious technologies are a threat to the entire ecosystem,” Meta warned, pledging to continue holding spyware vendors accountable for indiscriminate targeting of civil society.
A Message to Spyware Vendors: Courts Are Watching
NSO, for its part, rejected the verdict’s implications. “We firmly believe that our technology plays a critical role in preventing serious crime and terrorism and is deployed responsibly by authorized government agencies,” said Gil Lainer, NSO’s Vice President for Global Communications, adding that the company plans to explore legal remedies and appeal.
Nonetheless, the ruling sets a powerful precedent. It demonstrates that even secretive, government-linked cyber firms can be held liable for abuse of technology in U.S. courts. The punitive damages—awarded explicitly to deter future wrongdoing—signal the judiciary’s stance on invasive surveillance practices, especially those that breach end-to-end encryption platforms.
For privacy advocates, journalists, and human rights defenders, the verdict brings a rare but critical win in a digital battlefield increasingly dominated by zero-click exploits and silent intrusions.